Agreed with chief. If you want this to be a domain-wide policy then just create it at the domain level and enforce it. i don't like to do this because it tends to affect my servers as well, but I'm not sure what you're trying to do here

Agreed with chief. If you want this to be a domain-wide policy then just create it at the domain level and enforce it. i don't like to do this because it tends to affect my servers as well, but I'm not sure what you're trying to do here

Click to expand...

Even if you apply it at the domain level you could put your servers into a different OU, and exclude that OU from this GPO being applied. Just a rule of thumb I have used in my short experience, all servers have a different OU with a different GPO. But, I'm a control freak

Basically, what I have done is created an UBER restrictive GPO, and just loosened my grip in areas as problems arise that they need to be loosened in.

I asked for defaults, cause this GPO will be sent to some of my customers and I do not want to waste their time setting them up. These options must be enabled when GPO is imported. It is a KIOSK GPO.

Click to expand...

If that is the case, I would just create a GPO, call it KIOSK or something similar. Once you have it setup the way you want it, export it where you are, import it where they are. You may use Microsoft's GPMC to do this.

Defaults? If you read the description of each object it will tell you what the default is.

e.g. If this policy is set to Disabled or Not Configured then this will happen.

Click to expand...

Good point. Something also to remember (which I made the mistake of the first time around) that if you set something to Disabled, let it apply, and then back to Not Configured, it stays Disabled. Sons of **** hehe